API Gateway Part 2

Understanding how API Gateway Works

An API gateway is a service that acts as the entry point into the application from the outside world. It’s responsible for request routing, API composition, and other functions, such as authentication. All external clients first go to the API gateway, which routes their requests to the appropriate service. The API gateway may also translate between client-friendly protocols such as HTTP and WebSockets and client-unfriendly protocols used by the services.

Request Routing

One of the key functions of an API gateway is request routing. The API gateway implements some API operations by routing requests to the corresponding service. When it receives a request, the API gateway consults a routing map that specifies which service to route the request to.

API Composition

An API gateway also provides API composition. I will explain it using some illustrations.

Illustration: before using an API gateway with API composition

As shown in the illustration above, the Android client makes multiple API calls.

Illustration: after using an API gateway with API composition

As shown in the illustration above, the API gateway provides API composition, which enables the Android client to efficiently retrieve data using a single API request.

Protocol Translation

An API gateway also provides protocol translation. It might provide a RESTful API to external clients, even though the application services use a mixture of protocols internally, including REST and gRPC. When needed, the implementation of some API operations translates between the RESTful external API and the internal gRPC-based APIs.

API Gateway Provides Each Client With Client-Specific API

The problem with a single API is that different clients often have different requirements. For example, the getOrder API operation will return product data, payment data, and inventory data. In some cases, not all clients need all of the data. Let’s say a mobile client only needs a subset of the data. The solution is for the API gateway to provide each client with its own API. For example, an API gateway provides a different getOrder API for Android, iOS, and browser clients.

Implementing Edge Functions

Examples of edge functions that an API gateway might implement:

Authentication — verifying the identity of the client making the request

Authorization — verifying that the client is authorized to perform that particular operation

Rate Limiting — limiting how many requests per second are accepted from a specific client and/or from all clients

Caching — caching responses to reduce the number of requests made to the services

Request Logging — logging requests

Illustration of an API gateway with some edge functions
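
The following added example (not from the original article) shows a gateway request handler that runs authentication, per-client rate limiting and authorization before consulting the routing map. The HMAC-signed token format, the route table, the scope names and the limits are assumptions made for illustration; caching and request logging are left out.

```python
import hashlib
import hmac
import time

SECRET = b"demo-signing-key"  # constructed sample key; every name below is hypothetical
ROUTES = {  # routing map: (method, first path segment) -> (service, required scope)
    ("GET", "/orders"): ("order-service", "orders:read"),
    ("POST", "/orders"): ("order-service", "orders:write"),
    ("GET", "/inventory"): ("inventory-service", "inventory:read"),
}
RATE, BURST = 1.0, 3  # rate limit: tokens refilled per second, bucket capacity
_buckets = {}         # client id -> (tokens left, time of last request)

def _sign(body):
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()

def issue_token(client, scopes):  # assumed format, a stand-in for a real one such as JWT
    body = f"{client}|{','.join(scopes)}"
    return f"{body}|{_sign(body)}"

def authenticate(token):
    """Authentication: return (client, scopes) if the signature verifies, else None."""
    body, _, sig = token.rpartition("|")
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return None
    client, _, scopes = body.partition("|")
    return client, set(filter(None, scopes.split(",")))

def allow(client, now):
    """Rate limiting: per-client token bucket, one token spent per admitted request."""
    tokens, last = _buckets.get(client, (BURST, now))
    tokens = min(BURST, tokens + (now - last) * RATE)
    _buckets[client] = (tokens - 1 if tokens >= 1 else tokens, now)
    return tokens >= 1

def handle(method, path, token, now=None):  # edge functions first, then routing
    identity = authenticate(token or "")
    if identity is None:
        return 401, None  # unauthenticated: no service is ever contacted
    client, scopes = identity
    if not allow(client, time.monotonic() if now is None else now):
        return 429, None
    route = ROUTES.get((method, "/" + path.strip("/").split("/")[0]))
    if route is None:
        return 404, None
    service, required = route
    if required not in scopes:
        return 403, None  # authenticated, but not authorized for this operation
    return 200, service
```

Passing `now` explicitly makes the rate limiter deterministic when testing; leave it unset to use the monotonic clock.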

An API gateway must be reliable. One way to achieve this is to run multiple instances of the gateway behind a load balancer. If one instance fails, the load balancer will route requests to the other instances. Also, when an API gateway invokes a service, there’s always a chance that the service is slow or unavailable. The solution is for the API gateway to use the Circuit Breaker pattern when invoking a service.

Some examples of API Gateway

AWS API Gateway: Provided by AWS. You configure the API gateway, and AWS handles everything else, including scaling. It doesn’t support API composition and only supports HTTP(S), with a heavy emphasis on JSON.